Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab runner vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-39947
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs
Gitlab Gitlab Runner
7.5
CVSSv3
CVE-2020-13327
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 prior to 13.4.2, all versions starting from 13.3.0 prior to 13.3.7, all versions starting from 13.2.0 prior to 13.2.10. Insecure Runner Configuration in Kubernetes Environments
Gitlab Runner
8.8
CVSSv3
CVE-2020-13295
For GitLab Runner prior to 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
Gitlab Runner
8
CVSSv3
CVE-2022-2251
Improper sanitization of branch names in GitLab Runner affecting all versions before 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner a...
Gitlab Runner
6.5
CVSSv3
CVE-2019-9866
An issue exists in GitLab Community and Enterprise Edition 11.x prior to 11.7.7 and 11.8.x prior to 11.8.3. It allows Information Disclosure.
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-2227
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions
Gitlab Gitlab 15.1.0
Gitlab Gitlab
5.3
CVSSv3
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 before 15.4.6, 15.5 before 15.5.5, and 15.6 before 15.6.1 allows an malicious user to connect to local addresses when configuring a malicious GitLab Runner.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
6.5
CVSSv3
CVE-2022-2228
Information exposure in GitLab EE affecting all versions from 12.0 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner ...
Gitlab Gitlab 15.1.0
Gitlab Gitlab
6.5
CVSSv3
CVE-2020-13310
A vulnerability exists in GitLab runner versions prior to 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.
Gitlab Gitlab
9.1
CVSSv3
CVE-2020-13347
A command injection vulnerability exists in Gitlab runner versions before 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the malicious user to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build v...
Gitlab Gitlab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »